DragonFly commits List (threaded) for 2008-07
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Re: cvs commit: src/sys/netinet raw_ip.c
| From: | Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx> |
| Date: | Sat, 5 Jul 2008 11:29:49 -0700 (PDT) |
:> sys/netinet raw_ip.c
:> Log:
:> Fix [gs]etsockopt(IP_HDRINCL) which allows mere mortals like me to obtain
:> IP addresses via DHCP again.
:
:Great. Only, it turns out the whole approach is flawed. Setting sopt_td to
:NULL may help with fooling sooptcopy{in,out} but some code uses the field
:to do permission checks. The obvious fix is to add ->sopt_flags and SOPTF_KVA
:and make sure no code in the tree leaves the new field uninitialized (lecture
:on why open-coding stuff is BAD ommitted). This means that soopt_{from,to}_*
:can go. This patch should do the trick; unless testing reveals some issue
:I'm going to revert my changes from HEAD and put it in ASAP so it can get
:wider testing before the release.
:
:Sorry for the inconvenience,
:Aggelos
It kinda sounds to me that the front-end system call should do all the
copyin/copyout into and out of kernel space and the backend protocol
code should just operate in the kernel space. The system call can
pass a ucred to the backend for permissions checks.
That would be more along the lines of what we do with our kern_*()
calls.
-Matt
- Follow-Ups:
- Re: cvs commit: src/sys/netinet raw_ip.c
- From: Aggelos Economopoulos <aoiko@cc.ece.ntua.gr>
- Re: cvs commit: src/sys/netinet raw_ip.c
- References:
- cvs commit: src/sys/netinet raw_ip.c
- From: Hasso Tepper <hasso@crater.dragonflybsd.org>
- Re: cvs commit: src/sys/netinet raw_ip.c
- From: Aggelos Economopoulos <aoiko@cc.ece.ntua.gr>
- cvs commit: src/sys/netinet raw_ip.c
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]